Express Mail Label No.: EM401 140800US 
CLAIMS 

1. A method for establishing a secure communication channel between a client and an 
application server comprising the steps of: 

generating by a ticket service a ticket having an identifier and a session key; 
obtaining said ticket from said ticket service; 

transmitting said ticket to a client over a secure communication channel; 

transmitting said identifier of said ticket by said client to an application server over an 
application communication channel; 

obtaining by said application server a copy of said session key of said ticket from said 
ticket service; and 

encrypting communications exchanged between said client and said application server 
over said application communication channel using said session key to establish said application 
communication channel as a secure communication channel. 

2. The method of claim 1 wherein obtaining said ticket from said ticket service further 
comprises transmitting said ticket to a web server. 

3. The method of claim 2 wherein transmitting said ticket to a client further comprises 
transmitting said ticket by said web server. 

4. The method of claim 2 wherein said ticket service resides on said web server. 

5. The method of claim 2 further comprising transmitting by said application server said 
identifier to said web server over a server communication channel. 

6. The method of claim 5 further comprising receiving by said application server said 
response to transmitting said identifier to said web server. 

7. The method of claim 5 further comprising validating by said web server said identifier 
transmitted by said application server. 

8. The method of claim 7 wherein said validating further comprises confirming by said web 
server that said identifier is received by said web server within a certain time frame relative to a 
time that said identifier was transmitted by said web server to said client. 

9. The method of claim 1 wherein said session key is substantially equivalent to a null 
value. 

10. The method of claim 9 wherein said null value is a constant value. 



11. The method of claim 9 further comprising establishing said application communication 
channel as a secure communication channel. 



12. A method for establishing a secure communication channel between a client and an 
application server comprising the steps of: 

establishing a secure web communication channel between a web browser executing on 
said client and a web server; 

receiving a ticket having an identifier and a session key from said web server over said 
secure web communication channel; and 

transmitting said identifier of said ticket to said application server over an application 
communication channel to provide said application server with information for obtaining a copy 
of said session key. 

13. A method for establishing a secure communication channel between a client and an 
application server comprising the steps of: 

receiving a ticket having an identifier and a session key over a secure web 
communication channel; 

transmitting said identifier of said ticket to said application server over an application 
communication channel to provide said application server with information for obtaining a copy 
of said session key; and 

encrypting and decrypting communications transmitted to and received from said 
application server over said application communication channel using said session key received 
over said secure web communication channel to establish said application communication 
channel as a secure communication channel. 

14. The method of claim 13 further comprising requesting a software application over said 
secure web communication channel. 

15. The method of claim 13 wherein said identifier is a nonce. 

16. The method of claim 13 further comprising using secure socket layer technology to 
establish said secure web communication channel. 

17. The method of claim 13 wherein said ticket is generated by a ticket service. 

18. The method of claim 13 wherein said identifier is an application server certificate. 

19. The method of claim 18 further comprising using secure socket layer technology to 
establish said application communication channel. 

20. The method of claim 13 further comprising transmitting a password to said application 
server. 

21. The method of claim 13 further comprising receiving said ticket and a remote display 
protocol application over said web communication channel. 

22. A communications system for establishing a secure communication channel comprising: 

a ticket service generating a ticket having an identifier and a session key; 

a communications device in communication with said ticket service to obtain said ticket 
from said ticket service; 

a client in communication with said communications device over a secure 
communication channel to receive said ticket from said communications device over said secure 
communication channel; and 

an application server in communication with said client over an application 
communication channel to receive said identifier of said ticket from said client and in 
communication with said ticket service to obtain a copy of said session key from said ticket 
service, said application server and said client exchanging communications over said application 
communication channel encrypted using said session key to establish said application 
communication channel as a secure communication channel. 

23. The system of claim 22 wherein said ticket service resides on said communications 
device. 

24. The system of claim 23 further comprising said application server transmitting said 
identifier to said communications device over a server communication channel. 

25. The system of claim 24 further comprising said application server requesting a copy of 
said session key in response to said identifier. 

26. The system of claim 25 further comprising said communications device validating said 
identifier transmitted by said application server. 

27. The system of claim 26 wherein said communications device validating further comprises 
said communications device confirming that said identifier has not been previously transmitted 
by said application server. 

28. The system of claim 26 wherein said communications device validating further comprises 
said communications device confirming that said identifier is received by said communications 
device within a certain time frame relative to a time that said identifier was transmitted by said 
communications device to said client. 
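
The identifier validation recited in claims 8, 27 and 28, as an added sketch that is not part of the patent text: a ticket service that hands out a nonce identifier with a session key and releases the key to the application server only once and only inside a time window. The names `TicketService`, `issue`, `redeem` and `max_age`, and the 30-second window, are hypothetical; the cipher used on the application channel is left out.

```python
import hmac
import secrets
import time


class TicketService:
    """Hypothetical ticket service: issues tickets, redeems each identifier once."""

    def __init__(self, max_age=30.0, clock=time.monotonic):
        self.max_age = max_age      # assumed validity window, in seconds
        self.clock = clock
        self._pending = {}          # identifier -> (session_key, issued_at)

    def issue(self):
        identifier = secrets.token_urlsafe(16)   # nonce identifier (claim 15)
        session_key = secrets.token_bytes(32)
        self._pending[identifier] = (session_key, self.clock())
        return identifier, session_key           # ticket sent to client over the secure channel

    def redeem(self, identifier):
        # pop() makes redemption single-use: a replayed identifier is unknown (claim 27).
        entry = self._pending.pop(identifier, None)
        if entry is None:
            raise PermissionError("unknown or already redeemed identifier")
        session_key, issued_at = entry
        # Reject identifiers presented too long after the ticket was issued (claims 8, 28).
        if self.clock() - issued_at > self.max_age:
            raise PermissionError("identifier outside the time window")
        return session_key


def attempt(service, identifier):
    """Return 'accepted' or 'rejected' for one redemption attempt."""
    try:
        service.redeem(identifier)
        return "accepted"
    except PermissionError:
        return "rejected"


def demo():
    now = [0.0]                                   # constructed clock for a repeatable run
    service = TicketService(max_age=30.0, clock=lambda: now[0])
    identifier, client_key = service.issue()      # client holds the full ticket
    now[0] = 5.0
    server_key = service.redeem(identifier)       # app server presents the identifier only
    same_key = hmac.compare_digest(client_key, server_key)
    replay = attempt(service, identifier)         # second presentation of the same identifier
    late_identifier, _ = service.issue()
    now[0] += 31.0                                # past the assumed window
    late = attempt(service, late_identifier)
    return same_key, replay, late
```
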

29. The system of claim 27 further comprising said communications device transmitting said 
session key to said application server over said server communication channel in response to said 
identifier. 

30. The system of claim 27 wherein said server communication channel is a secure 
communication channel. 

31. The system of claim 25 further comprising said communications device transmitting 
additional information to said application server over said server communication channel. 

32. The system of claim 31 wherein said additional ticket information further comprises login 
information of a user of said client. 

33. The system of claim 32 wherein said additional ticket information further comprises a 
name of a software application executing on said application server. 

34. The system of claim 22 wherein said communications device further comprises a web 
server. 

35. The method of claim 22 further comprising said client transmitting a password of a user 
operating said client to said application server. 

36. The method of claim 22 further comprising said ticket service transmitting information 
corresponding to at least one of said client and a user operating said client to said application 
server. 